From: Jeffrey Goldberg
To: Jeremy Chadwick
Cc: freebsd-questions@freebsd.org
Subject: Re: MTA on non-standard port
Date: Wed, 29 Oct 2008 17:21:59 -0500
Message-Id: <9085B850-9271-40D9-A64D-84DF64F14E2E@goldmark.org>
In-Reply-To: <20081027002359.GA7165@icarus.home.lan>
References: <20081026235553.GA45810@ezekiel.daleco.biz> <20081027002359.GA7165@icarus.home.lan>

On Oct 26, 2008, at 7:23 PM, Jeremy Chadwick wrote:

> 1) Incoming SMTP (e.g. someIP:* --> yourIP:25)
> 2) Outbound SMTP (e.g. yourIP:* --> someIP:25)
>
> #2 has become prominent in the past few years, and is applied by ISPs
> because they want to curb their customers sending spam out onto the
> Internet (usually as a result of viruses, trojans, etc.), getting their
> IPs blocked by DNSBLs and giving them a bad social rep. Instead, they
> force customers to relay outbound mail through their own SMTP servers
> (called a "smart host" in sendmail terms).
>
> There's absolutely no way around this; you can beg them all you want,
> but the chances of them adding a pass-through for you are very slim.

If you want to do direct to MX mailing, you are going to need to negotiate that separately. At the very least you will need a static IP address. If you pay for that, then you will probably be allowed to do direct to MX mailing.

On the whole, I think that Access Service Providers are right in this policy. Back in the old days of smaller ASPs, there were several that had a simple policy. You could be allowed destination:25 traffic merely by asking for it. They figured that anyone smart enough to ask for it knew what they were doing. But it was blocked by default.

But keep in mind that if you don't have a static IP address, the mail hosts you try to reach are also very likely to block you.

> The Linksys router has two outbound firewall rules applied to it: it
> only allows bsdIP on my LAN to connect to someIP:25,587 -- thus, only
> one machine on my LAN is allowed to speak SMTP to the world. I do this
> purely as a precautionary measure (in case one of my friends comes over
> with his/her laptop, which happens to be infected and sends spam, etc.
> -- it won't work, period).

Wise choice. I wish more home and business networks did that.

> Eventually they stated that I could send mail through their mail servers
> on port 587. I quickly set this up, and found it failed -- their
> servers require SMTP AUTH on port 587, no exceptions (note: this is
> NOT mandatory by the RFC; it's OPTIONAL).

Again, I think that this is fit and proper.

> The reason I do not like siphoning mail through Comcast: their mail
> servers are known to act wonky or /dev/null mail for mysterious
> reasons.

Then pay money to a company whose business depends on doing mail right. I use fastmail.fm which I highly recommend.

> I hope the experience with your ISP is better than mine.

Good luck. A business account (needed for a static IP address) is expensive. But don't expect to mail directly to MX (without going through some mailhub, either Comcast's or a service that you pay separately for) without one.

Cheers,

-j
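
The egress policy quoted in this message (only one LAN machine may reach remote ports 25 and 587) can be checked against firewall logs. The following is an added example, not part of the original message or of any tool named in the thread; the log format, LAN range and mail-host address are assumptions, and the sample log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumptions (not from the thread): LAN range, mail host address, log format.
LAN = ipaddress.ip_network("192.168.1.0/24")
MAIL_HOST = ipaddress.ip_address("192.168.1.10")  # plays the "bsdIP" role
SMTP_PORTS = {25, 587}

# Constructed log format: "<time> <src>:<sport> -> <dst>:<dport> <ALLOW|DENY>"
LINE = re.compile(
    r"^\S+\s+(?P<src>[\d.]+):\d+\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<action>ALLOW|DENY)$"
)

SAMPLE_LOG = """\
2008-10-29T18:00:01 192.168.1.10:51000 -> 203.0.113.5:587 ALLOW
2008-10-29T18:00:07 192.168.1.57:49152 -> 198.51.100.20:25 DENY
2008-10-29T18:00:08 192.168.1.57:49153 -> 198.51.100.21:25 DENY
2008-10-29T18:00:09 192.168.1.57:49154 -> 203.0.113.5:587 DENY
2008-10-29T18:01:00 192.168.1.23:50010 -> 198.51.100.99:443 ALLOW
2008-10-29T18:02:00 192.168.1.99:50500 -> 198.51.100.20:25 ALLOW
garbage line that does not parse
"""

def audit(log_text):
    """Return (blocked, leaked) for outbound SMTP by LAN hosts other than MAIL_HOST."""
    blocked, leaked = Counter(), []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m or int(m["dport"]) not in SMTP_PORTS:
            continue  # unparseable line, or not SMTP/submission traffic
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # looked like an address but is not one
        if src not in LAN or dst in LAN or src == MAIL_HOST:
            continue  # only LAN -> Internet flows from non-mail hosts matter
        if m["action"] == "DENY":
            blocked[str(src)] += 1      # rule worked: likely infected or misconfigured host
        else:
            leaked.append(line.strip())  # rule gap: SMTP left the LAN from the wrong host
    return blocked, leaked

if __name__ == "__main__":
    blocked, leaked = audit(SAMPLE_LOG)
    for host, n in blocked.most_common():
        print(f"{host}: {n} blocked SMTP attempts")
    for entry in leaked:
        print("RULE GAP:", entry)
```

A host that shows up in `blocked` is worth inspecting for malware; any entry in `leaked` means the outbound rule is not covering that source.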